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DETAILED ACTION 



Response to Arguments 

1 . Applicant's arguments filed on 8/25/2004 with respect to the subject matter of the 
instant claims have been fully considered but are not persuasive. 

2. As per claim 1 , Applicant argues: "Wu does not disclose generating a second 
security context in response to a second user authentication (Page 5 2"" Paragraph)". 
Examiner notes Applicant's argument has been fully considered but is not persuasive. 
Wu teaches multiple authentication services allowing any system entry service to be 
used transparently with any combination of account / authentication services (Wu: see 
for example(s), Column 6 Line 18-21). Therefore, Examiner notes "multiple 
authentication services" as taught by Wu matches the claim languages of "a first user 
authentication" as well as "a second user authentication" from the computer system 
operating perspective, which is transparent to the viewpoint of a particular user. 
Although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181 , 26 
USPQ2d 1057 (Fed. Cir. 1993). 

3. Regarding to Applicant's remarks "Wu does not disclose said second security 
context aggregates said first security context and a security context corresponding to an 
identity in said second user authentication". Examiner notes Wu further teaches 
allowing multiple different accounts to be stacking (i.e. saving) and it is particularly 
useful in conjunction with the authentication services (Wu: see for example, Column 6 
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Line 65-66) and thereby allowing multiple authentication services to be stacked (i.e. 
"aggregated / saved" as to meet the claim language) for authenticating a user (Wu: see 
for example, Column 6 Line 67 - Column 7 Line 1 ). Besides, Wu further teaches the 
success of the second user authentication is depending upon the success of the 
previous / first user authentication and if either one fails, the user is denied access (Wu: 
see for example. Column 8 Line 44 - 66). Therefore, Wu does teach a security context 
corresponding to an identity in said second user authentication and said second security 
context aggregates said first security context and a security context corresponding to an 
identity in said second user authentication. 

4. Applicant argues: "Many principals disclosed in Wu are fundamentally different 
from principals of the claims and specifications of the present application". Examiner 
notes Applicant's argument has no merit since the alleged limitation has not been 
presented into the claim. 

5. As per claim 2 and 3, Applicant argues: "Wu does not disclose saving the first 
security context and pushing the first security context on a stack (Page 7)". Examiner 
notes Wu teaches allowing multiple authentication services to be stacked (i.e. 
"aggregated / saved" as to meet the claim language) for authenticating a user (Wu: see 
for example. Column 6 Line 67 - Column 7 Line 1 ) and stacking the security context 
must be operated with pushing security context into a stack in a computer system, 

6. As per claim 6, Applicant argues: "Savill does not teach reverting to said first 
security context in response to a user logoff'. Examiner notes Savill teaches a good 
idea for system administrators to do every-day's work with a low privileged account and 
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only change to an account if you really have to do administrative works (Savill: see for 
example, Line 1 - 3). Savill further teaches to avoid closing all open application and 
logoff, it is allowed to run in the security context of a different account (Savill: see for 
example, Line 4 - 5), which is evidently reverting to said first security context (i.e. low 
privileged account) in response to a user logoff after finishing the administrative work. 
7. As per claim 7, Applicant further argues: "Savill does not disclose popping said 
first security context off of a stack". Examiner notes Savill teaches reverting to said first 
security context (Savill: see for example, Line 1 - 5: see the previous paragraph in 
response to argument) and thereby Savill in view of Wu teaches the step of popping 
said first security context off of a stack because Wu teaches allowing multiple 
authentication services to be stacked for authenticating a user (Wu: see for example, 
Column 6 Line 67 - Column 7 Line 1 ) and stacking the security context must be 
operated with pushing and popping security context into and off a stack in a computer 
system. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 
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1. Claim 1 - 5, 8, 9 - 13, 16, 17 - 21 and 24 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Wu (U.S. Patent Number 5,774,551), hereinafter referred to as 
Wu. 

2. As per claims 1 , 9 and 1 7, Wu discloses an authentication method, product and 
system comprising: 

a. generating a first security context in response to a first user authentication; 
generating a second security context in response to a second user authentication (Wu: 
see for example(s), Column 6 Line 18 - 21 , Column 2 Line 8-14 and Column 17 Line 
1-14: Wu teaches multiple authentication services allowing any system entry service 
to be used transparently with any combination of account / authentication services (Wu: 
see for example(s), Column 6 Line 18-21). Therefore, Examiner notes "multiple 
authentication services" as taught by Wu matches the claim languages of "a first user 
authentication" as well as "a second user authentication" from the computer system 
operating perspective, which is transparent to the viewpoint of a particular user. 
Although the claims are interpreted in light of the specification, limitations from the 
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1 181, 26 
USPQ2d 1057 (Fed. Cir. 1993). Wu first discloses multiple authentication services in 
conjunction with multiple login. Wu teaches authentication tokens (e.g. personal 
identification number and password) (Wu: see for example(s), Column 2 Line 8-14) 
and the associated account attributes (e.g. account expiration date and account service 
restriction, such as what directories, files, resources, or services the login user is 
authorized to access) (Wu: see for example(s). Column 17 Line 1-14). Both of 
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authentication token and account attribute are equivalent to the desired security 
context), 

b. said second security context aggregates said first security context and a security 
context corresponding to an identity in said second user authentication (Wu: see for 
example(s). Column 6 Line 65 - 66, Column 6 Line 67 - Column 7 Line 1, Column 8 
Line 44 - 66Column 3 Line 11 -14 and Column 6 Line 17-22. TABLE 1, Column 17 
Line 40 - 44, Column 1 0 Line 33 - 35 and Column 1 9, Line 54 - 56: Wu further teaches 
allowing multiple different accounts to be stacking (i.e. saving) and it is particularly 
useful in conjunction with the authentication services (Wu: see for example, Column 6 
Line 65 - 66) and thereby allowing multiple authentication services to be stacked (i.e. 
"aggregated / saved" as to meet the claim language) for authenticating a user (Wu: see 
for example, Column 6 Line 67 - Column 7 Line 1 ). Besides, Wu further teaches the 
success of the second user authentication is depending upon the success of the 
previous / first user authentication and if either one fails, the user is denied access (Wu: 
see for example. Column 8 Line 44 - 66). Therefore, Wu does teach a security context 
corresponding to an identity in said second user authentication and said second security 
context aggregates said first security context and a security context corresponding to an 
identity in said second user authentication. Wu teaches a unified login method to 
perform multiple login functions that are transparent to the user. The unified login 
provides multiple authentication services as well as the associated multiple account 
services (Wu: see for example(s), Column 3 Line 11-14, Column 6 Line 17-22, 
TABLE 1 and Column 1 7 Line 40 - 44). The user is granted access to the services only 
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after the composite security contexts (in light of multiple login) are authenticated and 
validated. This is also based upon the condition that each respective control flag of 
authentication service (or account service) is set as required instead of optional in the 
configuration file (Wu: see for example(s), Column 8 Line 61 - 66, TABLE 1 and 
Column 1 7 Line 40 - 44, Column 1 0 Line 33 - 35 and Column 1 9, Line 54 - 56). 

3. Wu teaches the composite security context derived from the multiple login can 
use any given identity corresponding to the unified login ID as equivalent to a single 
login. Wu does not disclose expressly the resultant aggregated / composite security 
context after successfully passing the 1^ and the 2"^^ user authentication must be 
corresponding to an identity in second user authentication. 

4. However, it would have been obvious to the person of ordinary skill in the art at 
the time the invention was made to modify the unified login ID in conjunction with the 
resultant aggregated / composite security context to be the identity of second user 
authentication because both of login IDs are merely served as the unique identifiers. 

5. As per claims 2, 10, and 18, Wu teaches the claimed invention as described 
above (see claim 1, 9 and 17, respectively). Wu further teaches: saving said first 
security context (Wu: see for example(s). Column 6 Line 67 - Column 7 Line 1 , Column 
3 Line 56 - 57: Wu teaches allowing multiple authentication services to be stacked (i.e. 
"aggregated / saved" as to meet the claim language) for authenticating a user (Wu: see 
for example. Column 6 Line 67 - Column 7 Line 1) and stacking the security context 
must be operated with pushing security context into a stack in a computer system). 
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6. As per claims 3, 1 1 , and 1 9, Wu teaches the claimed invention as described 
above (see claim 2, 10 and 18, respectively). Wu further teaches: saving said first 
security context comprises the step of pushing said first security context on a stack (Wu: 
see for example(s), Column 6 Line 64 - 67 and Column 7 Line 1 - 4: Wu teaches 
allowing multiple authentication services to be stacked (i.e. "aggregated / saved" as to 
meet the claim language) for authenticating a user (Wu: see for example. Column 6 
Line 67 - Column 7 Line 1 ) and stacking the security context must be operated with 
pushing security context into a stack in a computer system). 

7. As per claims 4, 12, and 20, Wu teaches the claimed invention as described 
above (see claim 1 , 9 and 1 7, respectively). Wu further teaches: receiving a user logoff 
(Wu: see for example(s), Column 19 Line 60 - 64). 

8. As per claims 5, 13, and 21 , Wu teaches the claimed invention as described 
above (see claim 4, 12 and 20, respectively). Wu further teaches: destroying said 
second security context in response to said step of receiving said user logoff (Wu: see 
for example(s), Column 19 Line 60 - 64). 

9. As per claims 8, 16, and 24, Wu teaches the claimed invention as described 
above (see claim 1, 9 and 17, respectively). Wu further teaches: determining an access 
permission in response to said second security context (Wu: see for example(s). 
Column 3 Line 1 1 - 1 4 and Column 6 Line 1 7 - 22. TABLE 1 , Column 1 7 Line 40 - 44, 
Column 10 Line 33 - 35 and Column 19, Line 54 - 56). 
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10. Claim 6 - 7, 14 - 15, and 22 - 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wu (U.S. Patent Number 5,774,551), hereinafter referred to as Wu, 
in view of Savill (Where can I find a Unix su like utility?), hereinafter refen-ed to as Savill. 

11. As per claims 6, 1 4 and 22, Wu teaches the claimed invention as described 
above (see claim 2, 1 0 and 1 8, respectively). Wu teaches destroying all security 
contexts created by multiple authentication services in response to a request of unified 
logout. Wu does not teach reverting to said first security context in response to a user 
logoff. 

1 2. Savill teaches reverting to said first security context in response to a user logoff 
(Savill: see for example. Line 1-5: Savill teaches a good idea for system 
administrators to do every-day's work with a low privileged account and only change to 
an account if you really have to do administrative works (Savill: see for example. Line 1 
- 3). Savill further teaches to avoid closing all open application and logoff, it is allowed 
to run in the security context of a different account (Savill: see for example. Line 4 - 5), 
which is evidently reverting to said first security context (i.e. low privileged account) in 
response to a user logoff after finishing the administrative work). 

1 3. It would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Savill within the system of Wu because 
Savill discloses a good idea (i.e. an effective and convenient method) from "Unix su" 
(substitute user or super-user) to allow the user to temporarily start applications running 
in the security context of a different account (e.g. first login as a regular user and 
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subsequently login as the super-user for doing administrative work as a member of the 
administrators group) to avoid closing all open applications and log off all users. 
14. As per claims 7, 15 and 23, Wu teaches the claimed invention as described 
above (see claim 6, 14 and 22, respectively). Savill further teaches reverting to said 
first security context comprises the step of popping said first security context off of a 
stack (Savill: Line 1 - 5, Wu: see for example, Column 6 Line 67 - Column 7 Line 1 : 
Savill teaches reverting to said first security context (Savill: see for example. Line 1 - 5: 
see the previous paragraph in response to argument) and thereby Savill in view of Wu 
teaches the step of popping said first security context off of a stack because Wu 
teaches allowing multiple authentication services to be stacked for authenticating a user 
(Wu: see for example, Column 6 Line 67 - Column 7 Line 1 ) and stacking the security 
context must be operated with pushing and popping security context into and off a stack 
in a computer system). Same rationale for combination applies here as above in 
rejecting claims 6 and 14. 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Longbit Chai 
Examiner 
Art Unit 2131 
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